

24 November 2020
General Business

What is ISO 22301?

Now more than ever, businesses feel a need to improve their ability to operate in the wake of a crisis. Whether you’re susceptible to natural disasters or human-made crises, your stakeholders need assurance that your business can handle the emergency.

ISO 22301 is an international business continuity management standard. Companies use it to make sure their operations continue and their products and services are delivered at consistent levels. The standard also ensures that brands and value-creating activities are protected and that the interests of key stakeholders are safeguarded, even when business disruptions take place.

In this article, we’ll provide an overview of ISO 22301 and answer common questions about business continuity.


What is ISO 22301?

The International Organisation for Standardisation (ISO) develops and publishes international standards for many industries, from space vehicle engineering to agriculture. ISO 22301 deals specifically with how to manage business continuity. The official name of the standard is ISO 22301:2019 Security and resilience - Business continuity management systems.

Written by leading business continuity experts, ISO 22301 provides a framework for managing business continuity. Once an accredited certification body certifies you, you can prove your compliance to customers, partners and other stakeholders. ISO certification provides credibility and peace of mind, both internally and externally.


Benefits of Business Continuity

When a company works toward improving business continuity, it can expect to reap the following benefits.

Compliance with Legal Requirements

More and more countries have defined laws and regulations that require business continuity compliance. But governments aren’t the only ones concerned with higher standards. Private businesses, especially financial institutions, are also requiring partners to implement business continuity policies and processes. ISO 22301 provides the ideal framework for meeting these requirements (both governmental and private).

Market Advantage

What does your business have that your competitors don’t? When you’re ISO 22301 certified, you have an advantage when it comes to customers who are sensitive about maintaining the continuity of their operations. Certification often attracts new customers; it demonstrates that you’re among the best in your industry.

Lower Personnel Risk

Too often, businesses rely on a few key players who are difficult to replace. When these people leave the company, weaknesses become glaringly obvious, and the bottom line may suffer. Business continuity practices can reduce your dependence on those individuals (by implementing replacement solutions and documenting related tasks), leading to easier transitions when you experience personnel changes.

Minimal Disruptions

Today’s environment of real-time services and transactions can be risky for businesses. Every minute of downtime costs money, and when customers get frustrated, they may not return for future transactions. By implementing business continuity practices, you give yourself a sort of insurance policy. You can prevent disruptive incidents from happening or increase your capability for a quicker recovery. Ultimately, you’ll save money.


How Does ISO 22301 Work?

The standards included in ISO 22301 ensure continuity of business delivery after disruptive events occur. Such events include natural disasters, civil unrest, security breaches and so forth. 

Through a business impact analysis, you’ll discover your business continuity priorities and which disruptive events are most likely to occur. Essentially, through compliance with ISO 22301, you’ll find out which activities are most important to your business continuity and what you can do to manage the associated risks systematically.

Some of the solutions might include establishing policies and procedures and implementing software and equipment. Businesses certified for ISO 22301 have sound preparedness policies in place as well as the resources and equipment for following through.


ISO 22301 Basics

ISO 22301 contains eleven sections. Sections 0 through 3 are not mandatory for implementation; sections 4 through 10 are required. We won’t go into details here, but you can get a sense of ISO 22301’s contents from the standard’s sections:

0 - General

1 - Scope

2 - Normative references

3 - Terms and definitions

4 - Context of the organisation

5 - Leadership

6 - Planning

7 - Support

8 - Operation

9 - Performance evaluation

10 - Improvement


ISO 22301 Implementation Steps

The implementation timeline of ISO 22301 varies, depending on your current level of preparation and what you need to achieve for compliance. Generally speaking, the ISO 22301 implementation process has 17 steps:

1) Management support

2) Identification of requirements

3) Business continuity policy and objectives

4) Support documents for management system

5) Risk assessment and treatment

6) Business impact analysis

7) Business continuity strategy

8) Business continuity plan

9) Training and awareness

10) Documentation maintenance

11) Exercising & testing

12) Post-incident reviews

13) Communication with interested parties

14) Measurement and evaluation

15) Internal audit

16) Corrective actions

17) Management review


It’s a lot to take on, but the results can lead to excellent opportunities and vastly improved resilience. Here at Compliance Council, we’ve helped many businesses achieve ISO accreditation. We’ll walk you through the process, liaise with associated parties and keep you on track. 

To request a proposal and speak to our team, fill out this brief form. We look forward to helping you strengthen your business and prepare for future opportunities.